Google omniauth + devise + @domain access + rails

Question

I'm using omniauth and devise and google to have users login to the website. I need to only allow users to sign in if they have a specific company email. For example, they click on sign-in with google and then unless they have a "@somecompany.com" email address they can successfully login. Otherwise they cannot login with a normal "@gmail.com" email. I cant seem to find where to do that in the documentation.

user model

def self.from_omniauth(access_token)
  data = access_token.info
  user = User.where(email: data['email']).first_or_initialize
  user.given_name = data['first_name']
  user.family_name = data['last_name']
  user.password = SecureRandom.uuid
  user.save!
  user
end

omniauth controller

def google_oauth2

  @user = User.from_omniauth(request.env["omniauth.auth"])

  if @user.persisted?
    flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
    sign_in_and_redirect @user, :event => :authentication
  else
    session["devise.google_data"] = request.env["omniauth.auth"]
    redirect_to new_user_registration_url
  end
 end

routes

 devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }

score 1 · Accepted Answer · edited May 23 '17 at 12:29

1

You can try:

providers:
      - { name: 'google_oauth2', app_id: 'APP-ID',
         app_secret: 'APP-SECRET',
         args: { access_type: 'offline', approval_prompt: 'auto', hd: 'example.com' } }

where example.com is changed to your company domain.

Otherwise you can try these answers on StackOverflow:

edited May 23 '17 at 12:29

Community

1
1

answered Sep 03 '15 at 08:00

Anu_5512

46
6

Thanks it worked, needed to modify the ominaut controller like the link you send me – wildrails Sep 03 '15 at 09:00

Prakash Laxkar · Answer 2 · 2015-09-03T07:49:53.357

0

Update your method in model as

def self.from_omniauth(access_token)
 data = access_token.info
 user = User.where(email: data['email']).first_or_initialize
 user.given_name = data['first_name']
 user.family_name = data['last_name']
 user.password = SecureRandom.uuid
 user.save! unless data['email'].split("@").include?('gmail.com')
 user
end

update google_oauth2 method as well for already registered user

if @user.persisted? && !@user.email.split("@").include?('gmail.com')

edited Sep 03 '15 at 07:49

answered Sep 03 '15 at 07:31

Prakash Laxkar

824
1
8
17

i tried it but it still let me login with a @gmail.com email – wildrails Sep 03 '15 at 07:41

Google omniauth + devise + @domain access + rails

2 Answers2